# Virtual host: create symbolic link{{ getDomains().length > 1 ? 's' : '' }} ln -s /etc/nginx/sites-available/{{ _domain }}.conf /etc/nginx/sites-enabled # HTTPS: create Diffie-Hellman keys openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem {{ isSSLProfileOld() ? 1024 : 2048 }} # HTTPS - certbot (before first run): create ACME-challenge common directory mkdir -p /var/www/_letsencrypt && chown {{ data.user }} /var/www/_letsencrypt # HTTPS - certbot (before first run): disable SSL directives sed -i -r 's/(listen .*443)/\1;#/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g' /etc/nginx/nginx.conf /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ _domain }}.conf # HTTPS - certbot: obtain certificates certbot certonly --webroot -d {{ _domain }} -d www.{{ _domain }} -d cdn.{{ _domain }} --email {{ data.email ? data.email : 'info@' + _domain }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal # HTTPS - certbot (after first run): enable SSL directives sed -i -r 's/#?;#//g' /etc/nginx/nginx.conf /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ _domain }}.conf